Saturday, November 7, 2009

Make sure an event is not fired

Recently I've been assigned with a task, this task is about making sure that an event will not fire unless user has the right to fire it.
In other words, you have a button in a multi user application and user X does not have the right to delete from database or to add to database, this can be easily done by writing Button.Enabled := False right? wrong, what if the user has some knowledge about windows, I mean he knows how to enable/disable a control with external applications like WinSpy++ or any other software which has option to modify a windows control behavior.
In this case you need a slick way to be absolutely sure that is not possible(it's not 100% sure only 99.99% because softice can come into play but there are few people capable to work with it and at that time you can't really do anything to protect your application) here's my implementation:
I've started by creating a unit which defines and implements two classes: TCtrlHolder and TCtrlHolderList.

The idea is very simple and elegant, you only assign an event based on the rights, no conditions in the real OnClick event.
A demo application can be downloaded from this link(only source code is provided).